[cairo-bugs] [Bug 54822] New: crash in cairo-tor-scan-converter while opening a pdf
bugzilla-daemon at freedesktop.org
Wed Sep 12 10:13:23 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=54822
Bug #: 54822
Summary: crash in cairo-tor-scan-converter while opening a pdf
Classification: Unclassified
Product: cairo
Version: 1.12.2
Platform: x86 (IA32)
OS/Version: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: cworth at cworth.org
ReportedBy: riccardo.magliocchetti at gmail.com
QAContact: cairo-bugs at cairographics.org
This file [1] makes evince crash in cairo. Debian sid with cairo 1.12.2-2 and
evince 3.4.0-3.
[1] http://kernsec.org/files/LinuxSecuritySummit2012_rpm.pdf
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xef6ffb70 (LWP 10039)]
full_row (mask=4294967295, coverages=0xf5ffcbac, active=0xf5ffcb3c)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1358
1358
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:
File o directory non esistente.
(gdb) bt full
#0 full_row (mask=4294967295, coverages=0xf5ffcbac, active=0xf5ffcb3c)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1358
right = 0x0
winding = 36752
left = 0xf5ffcad4
#1 glitter_scan_converter_render (renderer=0xef6fd1ac, antialias=1,
winding_mask=4294967295, converter=0xf5ffc394)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1713
do_full_row = 1
j = 4
ymax_i = <optimized out>
xmin_i = 81
active = 0xf5ffcb3c
ymin_i = <optimized out>
h = <optimized out>
polygon = 0xf5ffc394
buckets = {0x0 <repeats 15 times>}
i = <optimized out>
xmax_i = 97
coverages = 0xf5ffcbac
#2 _cairo_tor_scan_converter_generate (converter=0xf5ffc388,
---Type <return> to continue, or q <return> to quit---
renderer=0xef6fd1ac)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1809
self = 0xef6fd1ac
status = <optimized out>
#3 0xf7722a15 in composite_polygon (extents=extents@entry=0xef6fe210,
polygon=polygon@entry=0xef6fde08,
fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING,
antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT,
compositor=<error reading variable: Unhandled dwarf expression opcode
0xfa>, compositor=<error reading variable: Unhandled dwarf expression opcode
0xfa>)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:716
renderer = {base = {status = 3221996115, destroy = 0x3eb82b6a,
render_rows = 0xf76ed850 <_inplace_spans>, finish = 0},
data = "\020\342o\357D`\022=\003\302\v\300
\000\000\000`\362u\357h\367u\357\350\362\361\365\000\000\000\000\000\000\000\000\217\261\303'\017\205ɿ\225^\254/\035X\335?\301\361h\347\v",
'\000' <repeats 14 times>,
"\005\341\366ÿBXp\367\364\217|\367H\322o\357H\322o\357\244\327o\357O]p\367\\\325o\357H\322o\357\003\000\000\000\260\357p\367\\\325o\357\f\335o\357p\322oﻻ\273\273\000\000\000\000\000\022\254?\322Q\000\000\016/\000\000[`\000\000\231.\000\000\211.\000\000$.\000\000.\000\000\000\024\000\000\000\351\363wM\364\217|\367\344\177\223V\000\000\000\000$`\000\000\236\364p\367\260\325o\357\212(\000\000\022)\000\000\377\377\37---Type
<return> to continue, or q <return> to quit---
7\377W^\"\367.a\"\367\000\373\377\377M[p\367\370\331o\357[`\000\000\000Q\000\000\000a\000\000\212(\000\000\022)\000\000[`\000\000\320'\000\000
\324o\357 at g\327?\303.\000\000dR\000\000\000Q\000\000C/\000\000\000a\000\000\320'\000\000\000]\372\377\377\377\377\377\005>"...}
converter = 0xf5ffc388
needs_clip = 0
status = <optimized out>
#4 0xf77234ff in clip_and_composite_polygon (
antialias=CAIRO_ANTIALIAS_DEFAULT, fill_rule=CAIRO_FILL_RULE_WINDING,
polygon=0xef6fde08, extents=0xef6fe210, compositor=0xf77c9880)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:880
status = <optimized out>
#5 clip_and_composite_polygon (compositor=0xf77c9880, extents=0xef6fe210,
polygon=0xef6fde08, fill_rule=CAIRO_FILL_RULE_WINDING,
antialias=CAIRO_ANTIALIAS_DEFAULT)
at
/build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:819
status = 36752